registry  /  @x12i/catalox-engine  /  6.0.0

@x12i/catalox-engine@6.0.0

Catalox catalog engine

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No install-time or import-time attack behavior is established. The exported JSX helper can execute arbitrary caller-provided module source when invoked, so it is a dangerous but explicitly labeled application-level capability.

Static reason
No blocking static signals were detected.
Trigger
A consumer calls `unsafeCreateRendererFunction` with untrusted `transpiledModuleSource`.
Impact
Arbitrary JavaScript executes with the permissions of the consuming Node.js process.
Mechanism
Dynamic ESM evaluation via a `data:` URL import.
Rationale
The package is not malicious by static inspection: it has no lifecycle hooks or covert payload behavior. However, its exported unsandboxed renderer evaluator is a concrete dangerous code-execution capability if consumers pass attacker-controlled input.
Evidence
package.jsondist/jsx/index.jsdist/embedder.jsdist/operator.jsdist/cli/index.jsdist/catalox/backup-data.js

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/jsx/index.js` exports `unsafeCreateRendererFunction`, which dynamically imports caller-supplied JavaScript through a `data:` URL.
  • The function executes the supplied module in the host process and returns its default export; it has no sandbox or validation.
Evidence against
  • `package.json` contains no `preinstall`, `install`, or `postinstall` hooks.
  • `package.json` entrypoints are normal ESM exports plus an explicit `catalox` CLI.
  • No package-owned hard-coded HTTP/WebSocket endpoints or child-process execution were found.
  • Filesystem writes and destructive operations are explicit CLI/catalog backup, migration, and storage-management features.
  • No AI-agent configuration paths or foreign control-surface mutations were found.
Behavioral surface
Source
CryptoEnvironmentVarsFilesystem
Supply chain
HighEntropyStrings
ManifestNo manifest risk signals triggered.
scanned 132 file(s), 596 KB of source

Source & flagged code

1 flagged · loading source
dist/jsx/index.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/jsx/index.js` exports `unsafeCreateRendererFunction`, which dynamically imports caller-supplied JavaScript through a `data:` URL.

dist/jsx/index.jsView on unpkg

Findings

3 Medium3 Low
MediumEnvironment Vars
MediumAi Review Evidencedist/jsx/index.js
MediumAi Review Evidence
LowScripts Present
LowFilesystem
LowHigh Entropy Strings